CVE-2022-25194

Name of the Vulnerable Software and Affected Versions Jenkins autonomiq Plugin versions 1.15 and earlier

Description A cross-site request forgery (CSRF) vulnerability exists due to the lack of permission checks in an HTTP endpoint. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. The HTTP endpoint is also vulnerable because it does not require POST requests.

Recommendations For Jenkins autonomiq Plugin versions 1.15 and earlier, consider disabling the vulnerable HTTP endpoint until a patch is available. Restrict access to the endpoint to minimize the risk of exploitation. Avoid using the username and password variables in the affected endpoint until the issue is resolved.